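<?php
    // Page bootstrap: start the session, send anti-framing headers, load the CSRF helper.

    // Keep the session cookie out of reach of page scripts, so a script-injection
    // bug cannot read the session id. Must be set before session_start().
    ini_set('session.cookie_httponly', '1');
    session_start();

    // Clickjacking defence. X-Frame-Options covers older browsers; the CSP
    // frame-ancestors directive is the current standard for the same control.
    // The policy carries no other directive, so it restricts nothing but framing.
    header('X-Frame-Options: DENY');
    header("Content-Security-Policy: frame-ancestors 'none'");

    // Presumably defines csrfguard_generate_token(), which the login form
    // further down this page calls; verify against php/anti_csrf.php.
    require 'php/anti_csrf.php';
?>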

<html lang="en">
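<head>
    <title>TechBay | Homepage</title>
    <!-- jQuery is loaded over HTTPS so the script cannot be modified in transit.
         NOTE(review): 1.4.0 is a very old release; plan an upgrade and re-test js/index.js against it. -->
    <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.0/jquery.min.js"></script>
    <script type="text/javascript" src="js/index.js"></script>
    <link href="css/techbey.css" rel="stylesheet" type="text/css">
</head>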
<body>
    <!-- Legacy frame-buster: if this page is not the top window, it navigates the top window to this page's URL.
         It only runs when scripts run, so the X-Frame-Options header sent at the top of this file is the control to rely on. -->
    <script>if (top != self) { top.location = self.location; }</script>
    <div id="body">
        <div id="headerBar">
            <div class="container">
                <div class="left">
                    <a href="/"><h1 title="logo" id="Logo">T<span id="ech">ech</span>BAY</h1></a>
                </div>
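                <?php
                // Account bar: anonymous visitors get the sign-up link and the login form,
                // signed-in users get the logout and "My Account" links.
                if(!isset($_SESSION['username'])) {
                    // $name is only the field/lookup name for the token. mt_rand() is not a
                    // cryptographic generator, so the unpredictability of the pair must come
                    // from csrfguard_generate_token() itself (defined outside this file;
                    // NOTE(review): confirm it draws the token from a CSPRNG).
                    $name="CSRFGuard_".mt_rand(0,mt_getrandmax());
                    $token=csrfguard_generate_token($name);

                    // Both values land inside double-quoted attributes; escape them so the
                    // markup stays intact whatever characters the token contains.
                    $name_attr=htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
                    $token_attr=htmlspecialchars((string)$token, ENT_QUOTES, 'UTF-8');
                    echo '
                        <div class="account_relative">
                            <ul>
                                <li>
                                    <div class="signupBar">
                                        <a id="signup" class="btn" href="php/signup.php">Sign Up</a>
                                    </div>
                                </li>
                                <li>
                                    <div class="signinBar">
                                        <a id="signin" class="btn" href="/signin">Login</a>
                                    </div>
                                    <div class="signinBox">
                                        <form id="signinbox" method="post" action="php/login.php">
                                            <input type="hidden" name="CSRFName" value="'.$name_attr.'" />
                                            <input type="hidden" name="CSRFToken" value="'.$token_attr.'" />
                                            <table>
                                                <tr>
                                                    <td>
                                                        <a class="textInBox">Username:</a> 
                                                    </td>
                                                    <td>
                                                        <input id="signin_username" type="text" hint="username" tabindex="1" name="username">
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        <a class="textInBox">Password:</a>
                                                    </td>
                                                    <td>
                                                        <input id="signin_password" type="password" hint="password" tabindex="2" name="password">
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        <img class="visual-captcha" id="index_captcha" src="php/visual-captcha.php">
                                                    </td>
                                                    <td>
                                                        <input type="text" id="signin_captcha" name="signin_captcha">
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        <a class="signinbtn" id="index_change_image" href="/">Change</a>
                                                    </td>
                                                    <td>
                                                        <input type="submit" class="right" tabindex="3" value="Signin">
                                                    </td>
                                                </tr>
                                            </table>
                                        </form>
                                    </div>
                                </li>
                            </ul>
                        </div>';
                } else {
                    // The username is written into a URL inside an HTML attribute, so it is
                    // URL-encoded for the query string and then HTML-escaped for the attribute.
                    // Without this, a username containing a quote or angle bracket would break
                    // out of the href and inject markup into every page the user loads.
                    $account_id=htmlspecialchars(urlencode((string)$_SESSION['username']), ENT_QUOTES, 'UTF-8');

                    // NOTE(review): the "My Account" link reuses id="signout"; left unchanged
                    // because js/index.js and the stylesheet may key on it.
                    echo '
                        <div class="account_relative">
                            <ul>
                                <li>
                                    <div class="signoutBar">
                                        <a id="signout" class="btn" href="php/signout.php">Logout</a>
                                    </div>
                                </li>
                                <li>
                                    <div class="myaccountBar">
                                        <a id="signout" class="btn" href="php/account.php?id='. $account_id .'">My Account</a>
                                    </div>
                                </li>
                            </ul>
                        </div>
                    ';
                }
                ?>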
            </div>
        </div>
        <div id="wrapper">
            <div class="left" id="left_navigation">
                
            </div>
            <div id="main">
                <div class="container">
                    <div class="newsection">
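                        <?php
                            // Item grid: renders one page (16 items, 4 per row) of the newest items.
                            // $con is expected to be set by php/conn.php.
                            include('php/conn.php');

                            // The page number is attacker-controlled. Accept only a short run of
                            // digits and convert it to an int, so nothing but a positive integer
                            // reaches the query or the HTML written further down the page.
                            $cur_page = 1;
                            if(isset($_GET['page'])) {
                                $page_param = $_GET['page'];
                                // is_string() rejects array input (?page[]=1). The D modifier makes
                                // "$" match only at the very end, so "1\n" no longer passes. The
                                // length cap keeps the value well inside integer range.
                                if(!is_string($page_param) || !preg_match('/^\d{1,9}$/D', $page_param)) {
                                    die('Invalid page number!');
                                }
                                $cur_page = (int)$page_param;
                                // Page 0 would produce a negative LIMIT and a database error.
                                if($cur_page < 1) {
                                    die('Invalid page number!');
                                }
                            }
                            
                            // Number of newer items to skip before this page starts.
                            $start_entry = ($cur_page - 1) * 16;
                
                            // The subquery excludes the $1 newest items, i.e. it acts as an offset.
                            // NOTE(review): if item_id is a unique, non-null key this is equivalent to
                            // "ORDER BY item_id DESC LIMIT 16 OFFSET $1", which is cheaper; confirm the schema.
                            $query = 'SELECT * FROM items WHERE (item_id NOT IN (SELECT item_id FROM items ORDER BY item_id DESC LIMIT $1)) ORDER BY item_id DESC LIMIT 16';
                            pg_prepare($con, 'page_query', $query) or die('Could not prepare statement');
                            $rs = pg_execute($con, 'page_query', array($start_entry,)) or die("Could not execute query");
                            
                            echo '<table class="mainTable">';
                            $cnt = 0;
                            while($row = pg_fetch_assoc($rs)) {
                                // Database values are data, not markup: escape each one for the context
                                // it is written into, and quote the attributes, so an item name or
                                // image path containing HTML cannot inject script into the homepage.
                                $item_url  = htmlspecialchars('php/item_detail.php?itemid='.urlencode((string)$row['item_id']), ENT_QUOTES, 'UTF-8');
                                $img_src   = htmlspecialchars('img/'.$row['item_path'], ENT_QUOTES, 'UTF-8');
                                $item_name = htmlspecialchars((string)$row['item_name'], ENT_QUOTES, 'UTF-8');
                                $item_price = htmlspecialchars((string)$row['item_price'], ENT_QUOTES, 'UTF-8');
                                $item_stock = htmlspecialchars((string)$row['item_stock'], ENT_QUOTES, 'UTF-8');

                                if ($cnt%4 == 0) echo '<tr>';
                                echo '<td class="mainTD"><a target="_blank" class="left" href="'.$item_url.'"><img class="index_img" src="'.$img_src.'"></a>'.'<p class="mainTitle">'.$item_name.'</p>'. '<p class="mainText">'.$item_price.'</p>'.'<p class="mainText">'.$item_stock.'</p>'.'</td>';
                                if ($cnt%4 == 3) echo '</tr>';
                                $cnt += 1;
                            }
                            // Pad the last row with empty cells so every row has four columns.
                            while($cnt > 0 && $cnt%4 != 0) {
                                echo '<td class="paddingTD"><a> </a></td>';
                                $cnt += 1;
                                if($cnt%4 == 0) {
                                    echo '</tr>';
                                }
                            }
                            echo '</table>';    
                        ?>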
                    </div>
                    <div class="page_list">
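                        <?php
                            // Pager: shows "current/max" with previous/next links, then closes the connection.
                            // Relies on $con and $cur_page set by the item grid above.

                            // Count on the server instead of transferring every row just to count it.
                            $rs = pg_query($con, "SELECT COUNT(*) FROM items") or die('Could not count items');
                            $row_num = (int)pg_fetch_result($rs, 0, 0);
                            // At least one page, so an empty table shows "1/1" rather than "1/0".
                            $max_page = max(1, (int)ceil($row_num / 16));

                            // $cur_page originates from the query string and is written into HTML
                            // below; forcing it to an int here guarantees only digits are emitted.
                            $cur_page = (int)$cur_page;
                            
                            $hide_previous = '';
                            $hide_next = '';
                            
                            echo '<table class="page_relative">';
                            if($cur_page == 1) {
                                $hide_previous = 'class="hidden" ';
                            }
                            if($cur_page >= $max_page) {
                                $hide_next = 'class="hidden" ';
                            }
                            
                            $previous_page = $cur_page - 1;
                            $next_page = $cur_page + 1;
                            
                            echo '<tr><td><a id="padding"> </a></td><td></td><td><a id="padding"> </a></td></tr>';
                            // NOTE(review): the original line ended with a bare "//https" marker,
                            // presumably a reminder to serve these links over HTTPS; confirm.
                            echo '<tr><td><a href="/index.php?page='. $previous_page .'" id="index_previous" '. $hide_previous.'>previous</a></td><td><a id="index_page">'. $cur_page .'/'. $max_page .'</a></td><td><a href="/index.php?page='. $next_page .'" id="index_next" ' . $hide_next .'>next</a></td></tr>';
                            echo '</table>';
                            pg_close($con);
                        ?>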
                    </div>
                </div>
            </div>
            <div class="right" id="right_navigation">
            </div>
        <div id="footerBar">
            <div class="container">
                <p class="textInFooter">Jie Dong & Fang Yang 2012</p>
            </div>  
        </div>
    </div>
</body>
</html>
